The business models underlying social networking services (SNS) are
dependent on the provision of content by users, the compellingness of that
content, and the capacity of the SNS operator to leverage off that content. It
has therefore been in the interests of SNS operators to at least encourage and
generally to inveigle users into providing content of interest to other users,
and to maximise the discoverability and accessibility of that content. The
terms of service and privacy policies applied to SNS are devised by SNS
operators to serve those needs.

In the very early days of SNS, the author undertook an assessment of Plaxo
(Clarke 2004). The market has diversified, adoption rates have grown, different
services have achieved successes in different national contexts (see, for
example, the Wikipedia entry), and the services have become more sophisticated
and more closely inter-linked with the advertising market. Recently, a great
deal has been published about the misbehaviour of leading players. Summaries of
the issues are in Clarke (2010) re Facebook, and re Google's second attempt,
Google Buzz (which follows its not-very-successful Orkut service).

LinkedIn stands a little apart from other SNS. Since its inception in 2003, it
has been projected as a professional networking service. This paper reports on
assessments of LinkedIn's Terms of Service and Privacy Policy, which were
conducted in December 2010. The paper commences with a brief description of
the research method adopted. The following section introduces and applies a
Checklist of consumer interests. A Privacy Statement Template is then used as
a basis for evaluating the company's Privacy Policy. Greater detail on
particular aspects is provided in Appendices.

Firefox 3.0.18 was unable to reliably render the documents in PDF, and
copies were extracted using Safari 4.0.4.

A preliminary analysis was undertaken on 4-5 December 2010, by reading through
the documents and identifying aspects that appeared to raise consumer rights or
privacy issues. This activity was based on the author's 20 years of work in
eBusiness strategy and policy. Previous assessments have been published in
Clarke (2005c, 2006 and 2008). Edited versions of the notes arising from that
analysis are in Appendix 1 (Terms) and Appendix 2 (Privacy).

A second analysis was then undertaken, evaluating the two documents against a
checklist of consumer interests and a privacy statement template. Details of
the two reference-points are provided in the sections below. No testing has
been performed of the details of particular functions performed by LinkedIn or
of the veracity of claims in the two documents.

Conclusions were drawn, and this review draft was provided to LinkedIn for
comment. [The paper was also exposed to colleagues who work in related areas,
and to electronic communities comprising individuals with an interest in
Internet policy and consumer matters and/or privacy. The draft was revised to
reflect feedback received.]

There is remarkably little in the way of authoritative checklists of what
consumers need in Terms of Service for online services. Clarke (2006)
identified several partial sources, in particular OECD (2000) and UN (2003),
and proposed a checklist. This was further enhanced in Clarke (2008), and
discussed in Svantesson & Clarke (2010).

The Checklist is comprehensive, covering such aspects of the marketer-consumer
relationship as information about the merchant, the process and the terms, the
fairness of those terms, consent, privacy protections, recourse and redress.
It is only a list, however, and does not, at this stage, include prescriptive
statements about what consumers need. They therefore need to be interpolated,
based on other sources and expertise.

In the Information cluster, the accessibility of the terms is
unsatisfactory, because prior versions are not available. On the other hand,
if the company's assertion of the power to change contracts at will is accepted
by courts (or never litigated), then old Terms become null and void as soon as
the company makes a change.

Some of the Terms of Contract are not reasonable. Of
particular concern are Terms 4A, 5 and 6, which deny any responsibility to
actually provide the service, to provide it reliably, and to sustain all data
stored on it. A further concern is the inconvenience for a great many
subscribers of the jurisdiction of California, set by Term 8, irrespective of
the location of the subscriber - even though for more than half of LinkedIn's
subscribers, their contract is actually with a company in Ireland. Term 2I
purports to impose unseen 'clickwrap' Terms in relation to the use of
downloadable applications.

Terms 7A and 7B purport to provide the company with excessive powers to
"restrict, suspend or terminate" accounts. Terms 10B1 and 10B28b set ambiguous
thresholds in relation to "inappropriate, inaccurate, or objectionable
content", and purport to provide the company with very substantial powers in
relation to that content.

Term 9E purports to grant the company "the right to modify, supplement or
replace the terms of the Agreement", i.e. to change the Terms unilaterally and
without notice. Term 9G purports to deny a subscriber the right to any form of
injunctive relief. Term 10B19 unreasonably prohibits a subscriber from taking
what may be entirely justifiable actions to "Remove, cover or otherwise obscure
any form of advertisement included on LinkedIn".

In relation to Security, aspects relating to the storage and
transmission of data are reasonably clearly explained, and in general it
appears that aspects that are under the company's control may be adequately
addressed. However, Term 2F implies that if credit card details have been
provided by the subscriber, then full rather than partial details are retained
(e.g. all except the last four digits of the card-number).

Personal safety is unreasonably compromised, however. Identity protection is
one area of concern. Term 2C(4) requires subscribers to "only maintain one
LinkedIn account at any given time", despite the fact that many people use more
than one identity. For literary authors and artists this may be merely a
convenience, but for undercover operatives, and for political journalists in
dangerous countries, it may be crucial to personal safety.

The situation is somewhat confused by Term 10B5, which says "[Don't] Create a
user profile for anyone other than a natural person". A nom de plume is a
partial profile, relating to one particular identity or persona of a natural
person. (This kind of confusion is symptomatic of the failure of corporations
and government agencies to appreciate that entities and identities are
different notions). Term 10B26 says "[Don't] create a false identity on
LinkedIn", without providing any guidance as to what the notion of 'false
identity' means. Term 10B28a purports to ban the use of pseudonyms.

Personal control of location information is another factor crucial for some
kinds of people, at least some of the time. Yet Term 2I forces subscribers to
disclose their physical location, as a condition of service, and without an
effective consent or even an opt-out facility, even if location is irrelevant
to the transaction. Term 10B28h goes further and purports to preclude a person
from protecting their net-location, and in some circumstances perhaps their
physical location.

Particularly in view of these Terms, it is unconscionable for Term 5 to purport
to deny "ALL LIABILITY FOR IDENTITY THEFT OR ANY OTHER MISUSE OF YOUR IDENTITY
OR INFORMATION" (capitalised in the original).

As regards Choice, little is available because LinkedIn's
Terms are non-negotiable conditions of service. The company's Privacy Policy
states that there is a range of Settings relating to privacy, but these are not
visible until after a subscriber has signed up.

As regards Consent, the Terms assert that the subscriber is
granting consent, despite the fact that the Terms are all non-negotiable. This
does not satisfy the requirements of informed and freely-given consent (Clarke
2002). Similarly, Term 9E purports to render consent irrelevant to
modifications of the Terms of Service.

Recourse is severely limited. Although processes are declared
in relation to complaints about copyright and content, no general enquiry and
complaints process is provided in relation to such matters as service quality
and terms of service. Nor is any external complaints process offered, nor any
indication as to which regulators have responsibilities and powers in relation
to the company's operations. Such information may be available to subscribers
after they have logged in, but no information is available to people
considering whether to become subscribers. Term 9G purports to deny a
subscriber the right to any form of injunctive relief.

In relation to the final section of the Checklist, Redress,
LinkedIn also serves subscribers very poorly. Terms 4A, 5 and 6 go as far as
to purport to deny any rights to restitution, irrespective of the nature and
gravity of the loss and of the extent of the company's responsibility for the
harm occurring. No indication is provided of relevant laws, nor any way to
initiate queries and complaints, nor any paths for seeking redress from any
authority.

The 2008 version of the Checklist is deficient in not providing a separate
heading for Copyright. Term 2B grants the company the kind of
copyright licence over the subscriber's data that essentially negates the
subscriber's nominal ownership of it. Anything that a subscriber puts on the
site becomes available to LinkedIn with almost the same powers as if they owned
it. This appears to include not only published Profile data, but also
Registration data and 'Private' data. In relation to its own content, LinkedIn
is over-zealous in its endeavours to protect its interests. Term 3 purports to
grant a right to access, and to deny the rights to 'screen-scrape' and to
'deep link'. None of those rights exists under copyright law.

It has become common for operators of web-sites to explain their practices
in relation to the personal data that they gather about consumers. A review of
the origins and nature of such Privacy Policy Statements (PPS), and of research
relating to their usage, is provided in Clarke (2011). Various names are
applied to PPS. In LinkedIn's case the term used is 'Privacy Policy'.

Limited guidance is available in the literature as to what constitutes an
appropriate form for a PPS (Clarke 2011). Based on the author's 30 years of
professional, consultancy and research activity in the area, including
consideration of the various guides to and exemplars of PPS published by
government agencies and industry associations, a Privacy Statement Template was
published in Clarke (2005a, 2005b).

During the first 5 years following its publication, the Template has
accumulated over 20,000 downloads. It has been used by many organisations in
preparing their own PPS. Its primary benefit, however, is as a standard
against which corporate PPS can be compared. The Template stipulates
requirements in the areas of data collection, data security, data use, data
disclosure, data retention and destruction, access by data subjects to personal
data, information about data handling practices, the handling of enquiries,
general concerns and complaints, enforcement, and changes to privacy
undertakings.

A number of aspects of LinkedIn's PPS approach best practice, such as the clear
explanations of the nature and purpose of the service (Introduction), of
cookie-usage (1F), and of log data (1H). A number of the features of the
service are also privacy-positive, such as the opt-out facilities for web
beacons (1G) and promotional communications (2B), the repeated mentions of and
links to Settings, the statement that users are provided with "granular control
over the information they share" (3B), and the memorialisation provisions
(3D).

However, a number of aspects give rise to concerns, some of them very serious.

As regards Data Collection, no statement appears to be made
about the collection of subscriber data from other sources. A considerable
amount of data about each subscriber comes into LinkedIn's possession from
other subscribers, and some may come from other sources such as credit bureaux.
If the Privacy Policy is as seriously deficient in this regard as it appears to
be, it requires correction.

Term 1, which links with 1A and 1B, refers to "certain information", but at no
stage is it made clear which data-items the Terms refer to. This lack of
clarity needs to be overcome in order to deliver 'certainty' to subscribers.

In relation to Data Security, Term 5B stipulates as a
condition of service that the data will be stored in the USA, irrespective of
the subscriber's location. For many of the more than 50% non-American
subscribers, the USA has lower-grade data protection and more highly intrusive
government powers than is the case in their own jurisdiction.

Although a statement is made about technical security measures, and about
control over the behaviour of contractors, no undertakings whatsoever appear to
be provided in relation to the behaviour of staff, and controls over that
behaviour.

The term Data Use refers to LinkedIn's use of personal data
that it has access to. Profile data is made available by subscribers to other
subscribers. Private data is stored on the system by each subscriber for their
own purposes alone. Yet Terms 1B and 1C provide the company with considerable
latitude to put both Profile and Private data to any purpose it chooses,
including for serving advertisements and for increasing networking. Term 3B
also defaults to allow use of personal data by LinkedIn for polls and
surveys.

The term Data Disclosure encompasses all forms of access to
personal data by parties other than the subscriber and LinkedIn. LinkedIn's
policies fall a long way short of an acceptable standard.

On the one hand, Term 2E states that "we do not ... provide your personally
identifiable information to third parties for marketing purposes". On the
other hand, Term 2F declares that "permission to access certain account
information may be automatically granted [to a large number of LinkedIn
Partners and Platform Developers] to provide combined services or
functionality". This access is "automatically granted",
i.e. a condition of service. There are grounds for concern that this may
represent a substantial undermining of what otherwise appeared to be
substantial assurances.

Term 2K is unreasonable, in that it purports to permit the disclosure of
personal data, without legal authority, merely "to assist government
enforcement agencies". Moreover, the provision appears to apply to almost any
agency.

Although Term 3B declares that LinkedIn's settings are designed "to provide our
users granular control over the information they share", a person who is not
(yet) a subscriber cannot see what the options are. Moreover, Term 3B sets a
default permission by subscribers to receive third-party advertising.

In addition, no undertaking is given to communicate to the subscriber that an
exceptional disclosure has occurred; and no undertaking is given to disclose
only such data as is necessary in the particular circumstances.

The Data Retention and Destruction undertakings are also
inadequate. Terms 1J, 3A and 3C contain mutual inconsistencies. It is
feasible that they could permit retention for a long period, or even
indefinitely, and it is unclear what the complete set of purposes is that could
be used to justify retention. As noted earlier, full credit-card details
appear to be retained, which creates the risk of financial fraud.

It is a fundamental of data protection that Access and Correction
Rights must exist. It would appear that the subscriber has access to
data that they themselves create and the ability to maintain it. However, it
is not clear that subscribers have the necessary access and correction rights
in relation to:

- any data that identifies the individual and that LinkedIn creates or
  generates
- data about the individual that is created and maintained by other
  subscribers

Correction rights include the ability to delete data. But Term 1J suggests
that data deletion is not under the subscriber's direct control, and, further,
that a response to a request can take as long as 30 days, and even then the
data may not be deleted.

As regards Information about Data-Handling Practices, a
moderate amount about the company's processes is provided, together with an
email-address for "questions or comments".

That address provides a starting-point for the Handling of Enquiries,
General Concerns and Complaints. However, very little information is
available about the processes involved. Term 5B states that "If you do not
receive acknowledgment of your inquiry or it is not satisfactorily addressed,
you may raise your complaint with TRUSTe". However, TRUSTe is merely the
operator of a meta-brand (Clarke 2001), and the actions that the organisation
takes have commonly had more to do with protection of its own brand than with
protection of consumers.

In relation to Enforcement, there is, admittedly, no effective
regulator in the USA. However, the Federal Trade Commission should be at least
mentioned, and it is highly unsatisfactory that no mention is made of the large
number of data protection commissioners in many countries throughout the world
that have powers, particularly in relation to complaint investigation.

The approach to Changes to the Privacy Undertakings is
seriously inappropriate. LinkedIn has no obligation to sustain the Privacy
Policy if the business is sold, or when something occurs that can be argued to
fit within the vague term 'reorganisation'. The company asserts the right to
make whatever changes to the Privacy Policy it sees fit, unilaterally, without
prior notice, without effective contemporaneous notice, and without
modification to the published Privacy Policy. The Privacy Policy cannot be
relied upon as presenting LinkedIn's undertakings, because notices may also
exist elsewhere on the company's website. LinkedIn applies all changes it
makes retrospectively, such that any undertaking it has provided can be reneged
on. Moreover, any change the company makes purports to be automatically
consented to by every LinkedIn subscriber.

In short, all of the good features of the document are completely undermined by
the malleability of the undertakings, at the company's sole discretion, without
notice, and with what amounts to retrospective effect.

LinkedIn is targeted at professionals. It would be reasonable to expect
that LinkedIn's users would be generally better-informed than users of other
SNS, would have higher expectations about the reasonableness of the terms of
service, would be more capable of registering their disapproval, and would
expect professional responses from their service-provider. Yet LinkedIn's
Terms include a significant number of provisions that are unreasonable and even
unconscionable. The deficiencies are so serious that some categories of
individuals should currently avoid any association with LinkedIn.

It is unclear what proxy the corporation used for its users when it devised the
Terms. Focus groups would be one way to gather insights into the expectations
and concerns of targeted market-segments. Discussions with representative and
advocacy groups would be another approach to gaining information. A further
possibility is a third-party evaluation conducted by a consultancy with
appropriate expertise.

SNS may be finally growing beyond fashion-accessories and becoming part of the
fabric of the society - and particularly in LinkedIn's case, of the economy.
During 2010, consumers have shown a heightened level of concern about the
policies and practices of Facebook and Google. LinkedIn is also
highly-exposed, by virtue of its size and the relative sophistication of its
user-base. It would appear to be highly advisable that the company take much
greater care in relation to the consumer-friendliness and
privacy-protectiveness of its policies and practices.

Appendices

Appendix 1: Terms of Service

Term 2B grants the company the kind of copyright licence over the
subscriber's data that essentially negates the subscriber's nominal ownership
of it. Once you've put anything on the site, that's the end of your control
over it.

The licence is provided to LinkedIn in respect of "any information you provide,
directly or indirectly to LinkedIn, including but not limited to any user
generated content, ideas, concepts, techniques or data to the services, you
submit to LinkedIn".

For bland profile data, this may not be much of an issue. But subscribers are
at risk of being sucked into publishing more than just profile data.

When a subscriber posts useful information (e.g. an answer to a request for
advice) in a manner visible to every other subscriber, it may be reasonable to
infer an open content licence (for everyone, not just LinkedIn). But a
one-to-one message, even if it were accompanied by an express or implied
copyright notice or confidentiality constraint (e.g. "just between you and
me"), would arguably be open for exploitation by LinkedIn.

Term 2C(4) requires subscribers to "only maintain one LinkedIn account at
any given time". But many people use more than one identity. Typical examples
include literary authors and artists, but political journalists in dangerous
countries, and undercover operatives may also be dependent on maintaining
separation between their personas.

This is somewhat confused by Term 10B5, which says "[Don't] Create a user
profile for anyone other than a natural person". A nom de plume is a partial
profile, relating to one particular identity or persona of a natural person.
(The confusion arises from the all-too-common failure to appreciate that
'identity' and 'entity' are different notions).

Term 10B26 says "[Don't] create a false identity on LinkedIn", without
providing any guidance as to what the notion of 'false identity' means. Term
10B28a purports to ban the use of pseudonyms.

Term 2I declares that "If you use the Services through a mobile device, you
agree that information ... may be communicated to us, including ... your
physical location". Hence, as a condition of service, subscribers are required
to disclose their physical location, even if this is irrelevant to the
transaction.

Term 2I purports to force subscribers to accept unseen Terms for the use of
downloadable applications ("by using any downloadable application to enable
your use of the Services, you are explicitly confirming your
acceptance of the terms ...", emphasis added).

Term 2K declares that "You acknowledge that your submission of any
information, statements, data, and content to us is voluntary on your part".
This is not logical, because some data is obligatory, as a condition of
registration.

Term 3 purports to "grant ... a ... right to access". No such right exists
under copyright law.

Term 3 purports to deny a right to 'scrape', which is presumably intended to
refer to 'screen-scraping'. It is unclear whether such a right exists under
copyright law. It is in any case counter-productive, since it would preclude a
subscriber sending a screen-image as part of an incident report. Term 10B11
repeats the purported prohibition against scraping.

The problem is compounded by Term 10B6, which says "[Don't, on pain of
termination] Utilize information, content or any data you view on and/or obtain
from LinkedIn to provide any service that is competitive, in LinkedIn's sole
discretion, with LinkedIn". The 'sole discretion' term is unconscionable.

A further unreasonable provision is Term 10B10, which prohibits deep-linking.
No such right exists under copyright law. It is in any case counter-productive
and even unconscionable, because it purports to preclude the inclusion of the
URLs for such pages as the Terms of Service and the Privacy Policy.

Terms 4A, 5 and 6 purport to deny any liability to provide the service, to
provide it reliably, to sustain data stored on it, etc., and also purport to
deny warranties or limit them to a very small sum. Term 4A even lacks a saving
phrase along the lines of 'to the extent permitted by law'.

Term 5 purports to deny "ALL LIABILITY FOR IDENTITY THEFT OR ANY OTHER MISUSE
OF YOUR IDENTITY OR INFORMATION" (capitalised in the original). Some of that
information is provided openly, but some (such as credit card details) is
provided to LinkedIn alone. It is unconscionable to attempt to deny liability
in such circumstances.

Term 7B purports to empower LinkedIn to "restrict, suspend or terminate the
account of any User [for] any ... behavior that LinkedIn, in its sole
discretion, deems contrary to its purpose".

Term 7B also purports to empower LinkedIn to have a policy of "terminating
accounts of Users who, in LinkedIn's sole discretion, are deemed to be repeat
infringers under the United States Copyright Act". The terms 'sole discretion'
and 'deemed' represent a far-from-adequate basis for such an action.

Further, the relevance of the US Copyright Act is unclear in the case of
subscribers who reside other than in the United States, and whose contract is
declared to be with LinkedIn Ireland Limited.

Term 8 purports to determine the jurisdiction as being California,
irrespective of the locations of the subscriber and of the company with whom
the subscriber has a contract, and to do so irrespective of law.

Term 10B1 imposes as a condition of service an obligation not to post
"inappropriate, inaccurate, or objectionable content". Those terms are
undefined and highly ambiguous, and could be interpreted as a very low
threshold. For example, comments made in this analysis of LinkedIn's Terms
could be argued (or, given the nature of other Terms, merely asserted or
deemed) to be any and all of "inappropriate, inaccurate, or objectionable
content". Similarly, Term 10B28b purports to ban "otherwise objectionable"
content.

Term 10B4 says "[Don't] Include information in your profile or elsewhere,
except in designated fields, that reveals your identity or sensitive personal
information such as an email address, phone number or address or is
confidential in nature". Presumably this is meant to be qualified by 'unless
you intend to disclose it'. But 10B4 is expressed as a condition of access
that has to be 'strictly observed', and hence grounds for the draconian
suspension and termination Term.

Term 10B28c prohibits "any personally identifiable information for which there
is not a field provided by LinkedIn". Cultural variants are profuse (e.g.
saints' names and their equivalents in religions other than Christianity,
star-signs and other birth-signs). Breach (at LinkedIn's discretion) is
asserted to be grounds for unilateral and unappealable termination.

Term 10B17 purports to prohibit "unsolicited communications to other Users",
on pain of termination. This appears to be a rather silly Term for a
networking site. Term 10B20 contains a more reasonable provision.

Term 10B19 purports to prohibit a subscriber from taking an action to
"Remove, cover or otherwise obscure any form of advertisement included on
LinkedIn". It is unconscionable to preclude such actions as:

- the blocking of moving advertisements that disturb the particular user's
  eye or brain
- the filtering of advertisements that are found to contain malware
- the filtering of advertisements that carry other active code
- the filtering of advertisements from organisations considered unacceptable
  by the particular user

Terms 10B21 and 22 purport to prohibit the use and sharing of personal data
"obtained from LinkedIn except as expressly permitted in this Agreement or as
the owner of such information may expressly permit". The context of a
networking service that publishes individuals' creates circumstances in which
consent is implied, and does not have to be express, particularly in an
Agreement between the accessor and LinkedIn.

Term 10B24 says "[Don't] Invite people you do not know to join your
network". This appears to be impracticable in a professional networking
service - unless the concept of 'know' has been substantially redefined.

Term 10B28h prohibits content that "Forges headers or otherwise manipulate
identifiers in order to disguise the origin of any communication transmitted
through the Service". This nominally precludes a person from protecting their
net-location, and in some circumstances perhaps even their physical location.
This threatens personal safety and has implications for executives in locations
that would tend to disclose their activities at the time (such as negotiations
with a takeover prospect).

Appendix 2: Privacy Policy

In the Introduction, "We reserve the right to modify this Privacy Policy at
any time, so please review it frequently. If we make material changes to this
policy, we will notify you here, by email, or by means of a
notice on our home page. By continuing to use the LinkedIn service after notice
of changes has been sent to you or published on the LinkedIn website, you are
consenting to the changes" (emphasis added).

In 2L, "We may also disclose [all personal data] as part of a reorganization or
a sale of the assets of LinkedIn Corporation, a subsidiary or division. Any
third party to which LinkedIn transfers or sells LinkedIn's assets will have
the right to continue to use the personal and other information that you
provide to us".

In 5C, "We may update this Privacy Policy at any time, with or without advance
notice. In the event there are significant changes in the way we treat your
personally identifiable information, or in the Privacy Policy document itself,
we will display a notice on the LinkedIn website or send you
an email, as provided for above. Unless stated otherwise, our current Privacy
Policy applies to all information that LinkedIn has about you and your account.
Using the LinkedIn Services after a notice of changes has been sent to you or
published on our site shall constitute consent to the changed terms or
practices" (emphasis added).

The combination of these provisions gives rise to the following issues:

- LinkedIn has no obligation to sustain the Privacy Policy if the business
  is sold
- LinkedIn has no obligation to sustain the Privacy Policy when something
  occurs that can be argued to fit within the vague term 'reorganisation'
- LinkedIn asserts the right to make whatever changes to the Privacy Policy
  it sees fit:
  - unilaterally
  - without prior notice
  - without effective contemporaneous notice - because no direct
    communication is needed to subscribers and the notice could be published
    in any location within the LinkedIn website
  - without modification to the published Privacy Policy - because the 'or'
    in the Introduction means that a change to its published Privacy Policy
    is only one of the ways in which the company can effect a change to the
    Terms of the contract between the company and its subscribers
- the Privacy Policy cannot be relied upon as presenting LinkedIn's
  undertakings. This is because there is no 'entire agreement' clause in the
  Privacy Policy, and, even at the time the document is read, there may be
  other notices in any number of locations elsewhere on the company's website
- LinkedIn applies all changes it makes retrospectively, i.e. each notice,
  no matter where on the website it may be placed, and each successive
  replacement Privacy Policy, apply to everything that LinkedIn holds. Any
  undertakings that were previously given, but which conflict with subsequent
  notices or the latest Privacy Policy, are purportedly null and void from the
  date the change is made
- any change the company makes purports to be automatically consented to by
  every LinkedIn subscriber

In 1, it says "you voluntarily and willingly provide us certain information,
including personally identifiable information, which we collect in order to
provide the Services. If you have any hesitation about providing information to
us and/or having your information displayed on the LinkedIn website or
otherwise used in any manner permitted in this Privacy Policy and the User
Agreement, you should not become a member of the LinkedIn community".

From 1A, it is clear that the "certain" personal data includes "name, email
address, country, and password", none of which is in itself problematical.
From 1B, there is reference to "information [that] is minimally required at
registration", from which might be inferred that the short list in 1A is all
that is mandatory. It remains unclear, however, whether there are any other
items of "certain" personal data whose provision is a condition of
participation.

The personal data could be thought of as being for the purposes of oneself
and other users. However, in 1B, "Any information you provide at registration
or in the Profile section may be used by LinkedIn as described in the User
Agreement and this Privacy Policy, including for the purpose of serving
advertisements through the service".

It appears that there are four categories of personal data:

- Registration data, which may be as little as "name, email address,
  country, and password", but may be more than that

- Profile data:

  - Public Profile data open to search-engines (2E)

  - LinkedIn internal Profile data

- Private Activity (in the Introduction) also known as Contacts (1C).

On the other hand, a quite different set of categories appears on one open
but obscure web-page entitled Managing Account Settings.

It might be inferred that only Registration and Profile data are available to
LinkedIn for any purpose, including the serving of advertisements. But that is
far from clear.

1C says that "All information that you enter or upload about your contacts
... will enable us to provide customized services such as suggesting people to
connect with on LinkedIn". It therefore appears that all four categories of
personal data are available to LinkedIn for any customised services, including
increasing networking.

It might be inferred that LinkedIn will not disclose anything to its
subscribers about other subscribers other than the (open) Profile data and the
fact that, on the basis of the Registration data, both kinds of Profile data
and Private data, LinkedIn imputes a potential for common interests between the
parties. But that is far from clear.

In 1C, "You may not invite anyone you do not know and trust to connect with
you". It is unclear what "know" and "trust" mean. Given that the purpose of
the service is "to connect with others on LinkedIn", the practicality and the
enforceability of this provision are both doubtful. The expression might also
be inferred to empower LinkedIn to impute some kind of trust relationship
between individuals simply on the basis of an invitation being sent.

In 1C, "The names and email addresses of people whom you invite will be used
to send your invitations and reminders as well as to allow LinkedIn to help
expand your network". This could be read as meaning that you may provide
additional contact-details of your own contacts who are not LinkedIn users, and
that LinkedIn may keep those additional contact-details. Name and
email-address are not in themselves highly sensitive. On the other hand, some
SNS encourage subscribers to upload their entire address-books, or to maintain
their address-books on the SNS, in which case a great deal more about
non-subscribers than name and email-address may be exposed to the SNS operator.

In 1J, "If you update any of your information, we may keep a copy of the
information that you originally provided to us in our archives for uses
documented in this policy". This is unbounded in time, and vague as to
purposes. It could also be inferred to mean that even deleted data may be
retained indefinitely, despite the expiry of the purpose for which it was
provided.

In 3A, "even after your request for a change is processed, LinkedIn may, for a
time, retain residual information about you in its backup and/or archival
copies of its database". This is vague as to the retention period, but is much
less unreasonable than the apparently conflicting provision in 1J.

In 3C, "we may retain certain data contributed by you if LinkedIn believes it
may be necessary to prevent fraud or future abuse, or for legitimate business
purposes, such as analysis of aggregated, non-personally identifiable data,
account recovery, or if required by law. LinkedIn may also retain and use your
information if necessary to provide the Services to other Users". This appears
to be a reasonable set of relevance criteria for data retention, but it is
unclear whether this is the complete set of "uses documented in this policy"
referred to in 1J.

In 1J, "You may request deletion of your information at any time by
contacting LinkedIn customer service. We will respond to your request within 30
days". It is reasonable to infer that there is no general deletion command
available within the service (although the function may be available for
individual data items, by means of amending the content to <null>). In
all circumstances, if a person has decided to request deletion, they want it
done now and not deferred or forgotten. Further, in some circumstances, there
may be personal safety concerns arising from the continued availability of the
data.

In 2A, "You have the right to withdraw your consent to LinkedIn's collection
and processing of your information at any time, in accordance with the terms of
this Privacy Policy and the User Agreement, by changing your Settings, or by
closing your account". The nature of the Settings, and the defaults, appear
not to be visible without login, and no explanation was apparent in the very
limited documentation of the service available to non-subscribers. Hence a
person who is considering becoming a subscriber cannot see what the options
are.

On one occasion, however, by following an obscure trail within the site, a page
entitled Managing Account Settings was discovered, which provides some
information about those Settings.

In 2F, "permission to access certain account information may be
automatically granted [to certain LinkedIn Partners and Platform Developers] to
provide the combined services or functionality". The list shows there is a
large number of partners.

It is uncertain what the "certain" account information is, because the term
'account information' is not defined, and is not related to the various
categories of personal data mentioned at various points in the Privacy Policy
and explained in somewhat inconsistent ways. It could be inferred to be only
Registration data, which in turn could be inferred to be only "name, email
address, country, and password" (although it is to be expected that password
will not be available, and arguably should not be available even to LinkedIn).
But that is not entirely clear, and the extent of data access could be much
wider than that.

This access is "automatically granted", i.e. a condition of service. There is
a form of opt-out in the Settings area, but this is acknowledged as being only
partially effective.

There are grounds for concern that this may represent a substantial undermining
of what otherwise appeared to be significant assurances, in particular "we do
not ... provide your personally identifiable information to third parties for
marketing purposes. Further, we will only share your personally identifiable
information with third parties to carry out your instructions or to provide the
Services or information unless compelled by law, or as necessary to enforce our
User Agreement or protect the rights, property, or personal safety of LinkedIn,
its Users, and the public" (2E).

In 2K, "we may need to disclose personal information, profile information
and/or information about your activities as a LinkedIn User ... if LinkedIn has
a good faith belief that disclosure is necessary ... to assist government
enforcement agencies".

This is unreasonable and excessive. No such disclosures should be made without
legal authority. In addition, the term 'government enforcement agencies' is
different from 'law enforcement agencies' and could be reasonably inferred to
mean any government agency in any jurisdiction. (Exceptions are of
course reasonable in rare emergency situations relating to the likely
prevention of harm to a person or persons, but these must be subject to ex
post facto controls.)

In 3B, "LinkedIn accounts are also defaulted to allow Users to be contacted
to participate in polls, surveys and partner advertising. Click here to change
these settings". The company asserts that the majority of the Settings "are
what we believe to be reasonable default settings that we have found most
professionals desire"; but this does not appear to apply to these three
settings, particularly the last of them (third-party advertising).

In 4, "You must not provide to LinkedIn and/or other Users information that
you believe might be injurious or detrimental to your person or to your
professional or social status". This is not matched by any requirement
relating to 'information that might be injurious or detrimental to other
people'.

In 4, "You must not download or otherwise disseminate any information that
may be deemed to be injurious, violent, offensive, racist or xenophobic".
Firstly, it is unclear whether this is appropriate in a Privacy Policy or is a
commercial Term. Secondly, the words "may be deemed to be" set far too low a
threshold test. Thirdly, LinkedIn purports to provide itself with uncontrolled
power based on that inappropriately low threshold: "Any
violation of these guidelines may lead to the restriction, suspension
or termination of your account at the sole discretion of
LinkedIn" (emphases added).

In 5B (under a non-relevant heading), "by becoming a User, you have given us
your express and informed consent to transfer the data that you provide to us
to the United States and to process it in the United States".

This is a serious matter for the more than 50% of subscribers who are not
resident in the USA, because US data protection law is the weakest in the
advanced world, US government agencies have very substantial and in many cases
ineffectively controlled data access capabilities, and the US asserts for
itself very substantial extra-territorial powers.

The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
